Vulnerabilities > Oracle > Communications Cloud Native Core Policy > 1.14.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-08-23 | CVE-2021-39148 | XStream is a simple library to serialize objects to XML and back again. | 8.5 |
2021-08-23 | CVE-2021-39149 | XStream is a simple library to serialize objects to XML and back again. | 8.5 |
2021-08-23 | CVE-2021-39151 | XStream is a simple library to serialize objects to XML and back again. | 8.5 |
2021-08-23 | CVE-2021-39153 | XStream is a simple library to serialize objects to XML and back again. | 8.5 |
2021-08-23 | CVE-2021-39154 | XStream is a simple library to serialize objects to XML and back again. | 8.5 |
2021-08-16 | CVE-2021-32827 | Cross-site Scripting vulnerability in multiple products. MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. | 9.6 |
2021-07-12 | CVE-2021-30640 | Improper Encoding or Escaping of Output vulnerability in multiple products. A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. | 6.5 |
2021-07-12 | CVE-2021-33037 | HTTP Request Smuggling vulnerability in multiple products. Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances, leading to the possibility of request smuggling when used with a reverse proxy. | 5.3 |
2021-06-29 | CVE-2021-22119 | Incorrect Authorization vulnerability in multiple products. Spring Security versions 5.5.x prior to 5.5.1, 5.4.x prior to 5.4.7, 5.3.x prior to 5.3.10 and 5.2.x prior to 5.2.11 are susceptible to a Denial-of-Service (DoS) attack via the initiation of the Authorization Request in an OAuth 2.0 Client Web and WebFlux application. | 7.5 |
2021-06-09 | CVE-2021-28169 | For Eclipse Jetty versions <= 9.4.40, <= 10.0.2, <= 11.0.2, it is possible for requests to the ConcatServlet with a doubly encoded path to access protected resources within the WEB-INF directory. | 5.3 |